As of this writing, there is no pfw ISO available for the excellent pfw web-management product (www.allard.nu/pfw) for OpenBSD. We support this project.

Plus, the ISO doesn’t have things like compilers, the ports tree, etc., and we often have other consulting and customization work to do while installing OpenBSD in addition to just the pfw install, so we can’t always use the ISO.

So, something I’ve been meaning to do for a while is put together a cookbook for this – here goes.

Note that the “10.1” is for testing on our own internal network – you will want to either add your own internal network here, or set up some other form of security, directory-based, or otherwise. Security considerations are beyond the scope of this cookbook, although there are resources listed below that can help you set this up.

Sudo setup:
Let the www user run the pfw binaries through sudo without a password. The preferred method is to use the visudo command and add the following line to the /etc/sudoers file:

www ALL = NOPASSWD: /var/www/pfw/bin/*

The non-preferred way, because it’s dangerous and easy to typo something and render your sudo unusable, is to simply append the line to the end of the /etc/sudoers file manually:

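echo 'www ALL = NOPASSWD: /var/www/pfw/bin/*' >>/etc/sudoers

NOTE WELL: there are TWO greater-thans! Using only one will overwrite your sudoers file! The single quotes keep the shell from expanding the * into a list of file names before the line is written.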
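A safer middle ground between the two methods above, as an added example (not from the original cookbook or the pfw project): build the new sudoers in a temporary file, check it with visudo -c -f, and only then swap it into place. The function name add_sudoers_rule and the VISUDO override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: append a rule to sudoers only if the resulting file
# passes visudo's syntax check. VISUDO can be overridden (assumption,
# used for testing); by default the real visudo is called.
VISUDO=${VISUDO:-visudo}

add_sudoers_rule() {
    target=$1   # e.g. /etc/sudoers
    rule=$2     # quote it at the call site so the shell does not expand '*'

    # Idempotent: do nothing if the exact line is already present.
    if grep -qxF -- "$rule" "$target"; then
        return 0
    fi

    # Build the candidate next to the target so the final mv is a rename
    # within one directory, never a half-written live file.
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    cat "$target" > "$tmp" && printf '%s\n' "$rule" >> "$tmp" || {
        rm -f "$tmp"
        return 1
    }
    chmod 0440 "$tmp"

    # visudo -c is check-only mode; -f points it at the candidate file.
    if ! "$VISUDO" -c -f "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        echo "rejected: candidate sudoers failed the syntax check" >&2
        return 1
    fi

    # Keep a backup of the old file, then replace it with the checked copy.
    cp -p "$target" "${target}.bak" && mv "$tmp" "$target"
}

# Usage (as root):
#   add_sudoers_rule /etc/sudoers 'www ALL = NOPASSWD: /var/www/pfw/bin/*'
```

If the check fails, the live sudoers file is left exactly as it was and the temporary copy is deleted.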

Reboot and try it out!

lynx 127.0.0.1/pfw

After allowing cookies (all), you should be able to surf to the various links and see the pfw pages, albeit in text mode.

Happy hacking!

Resources:

eRacks Open Source Systems can help with preinstalled OpenBSD hardware with pfw, consulting to set up firewall rules, security, digest authentication, and so forth.

Security Architects can help with your security assessments, setting up firewall rules, and analysis of your overall site or enterprise security plan and strategy.

The Libre Group provides Open-Source consulting, migration planning and assessments of Open-Source ROI and how to obtain the most immediate return on migrating your business to Open Source infrastructure, including desktops, laptops, servers, etc.